10.8. Internet Security Zones: All Versions In the real world, you usually have a pretty good sense of where the bad parts of town are, and how to avoid them after dark. On the Web, it's not so easy. The most elegant-looking Web page may be a setup, a trick by sleazy hackers to install viruses on your PC. Security zones is yet another (pre-Vista) Internet Explorer feature that was designed to limit the number of paths the bad guys have into your PC. It's fairly confusing, which is why not many people bother with it. Under this scheme, if you have tons of time, you can place individual Web sites into different classifications (zones) according to how much you trust them. Internet Explorer refuses to download potential bad stuff (like those ActiveX plug-instruments) from sites in the seedier zones. Your PC, sanitized for your protection. For example, internal company Web sites, right there on the corporate network, are pretty unlikely to be booby-trapped with spyware and viruses (unless you have a really twisted network administrator). Such internal sites are automatically part of the low-security Local intranet zone. If you maintain a Web site at home, it's in that zone, too. There are also zones called Trusted sites (medium security) and Restricted sites (high security), but you have to put Web sites into these zones manually, as described in a moment. Any site you haven't manually placed into a zone automatically belongs to the Internet zone (medium security). To see your options, choose Tools  Internet Options Security from within Internet Explorer (Figure 10-15).  | Figure 10-15. The Internet Options Security tab lets you control Internet Explorer's security settings for browsing the Web. You can customize the settings for each zone by moving the slider up for more security, or down for less security . | |
FREQUENTLY ASKED QUESTION
The Wisdom of Internet Explorer | | How does the Pop-up Blocker know a good pop-up from a bad one, anyway? Internet Explorer generally tries to distinguish between pop-ups it considers necessary for a site to run, and those it considers annoying or dangerous. Although it doesn't always succeed, there is some logic behind its thinking. At the factory setting, some pop-ups get through. For example, it allows pop-ups that contain "active content"for example, important features, brought to you by ActiveX controls and browser add-ons, that are integral to the proper functioning of a Web site: seating charts , flight-details screens, and so on. The blocker doesn't block pop-ups from sites in your Local intranet or Trusted sites zones, either. Finally, if you already have a spyware infection, pop-ups may appear constantly; the Pop-up Blocker isn't designed to block spyware pop-ups. |
10.8.1. Security Levels And what, exactly, is meant by "medium security" or "high security"? These settings control what can and can't be done when you're visiting such a site. For example, they govern whether or not you're allowed to download files, and whether or not Internet Explorer runs little embedded Web-page programs like Java applets or ActiveX controls. (Java applets are little programs that offer interactivity on Web sites, like games and interactive weather maps.) POWER USERS' CLINIC
Customizing Ad Infinitum | | If you don't like the security settings for each of the zones, you can change them. You could, for example, become a more trusting person and tell Internet Explorer to treat the Internet zone with Medium-low security. In Internet Explorer, choose Tools Internet Options Security, shown in Figure 10-15. For Local intranet and Trusted sites, click the zone and then drag the slider. For Internet and Restricted Sites, click the zone. Then click Custom Level; in the Security Settings dialog box, from the "Reset to drop-down box, select the new security level and then click OK. And speaking of tweaks not many people will make, you can also change the definition of a zonethat is, what kinds of online activities it permitsrather than relying on the canned High, Medium, Medium-Low, and Low levels. Click any zone and then select Custom Level. The Security Settings dialog box appears. Pick your options, such as whether a site should be allowed to install desktop items, how to handle ActiveX controls, and so on. Then click OK. |
Here's the cheat sheet: -
High security blocks all kinds of features that could conceivably be avenues for bad guys to infect your browser: ActiveX controls, Java and Java applets, and downloads. -
Medium security means that whenever a Web site triggers an ActiveX control to run, you're asked for permission. Unsigned ActiveX controlsthose whose origins aren't clear to Internet Explorerdon't get run at all. Downloads and Java applets are OK. -
Medium-Low . Same as Medium, but some ActiveX programs run without first checking with you. -
Low . Runs all ActiveX controls and other little Web programs. Rarely asks you for permission for things. 10.8.2. Classifying Sites by Hand You don't have to rely on Microsoft's judgment about which Web sites belong in which zonesyou can classify them yourself. For example, if you know and trust a certain Web site, you can put it in the Trusted sites zone. To do that, select a zone, click Sites, and then, in the dialog box that appears, click Advanced. In the next dialog box, type in the Web site's URL and then click Add. |
